Date: Wed, 11 Aug 1999 23:16:40 +0200 From: "Marc Schneiders" <marc@oldserver.demon.nl> To: "Greg Black" <gjb-freebsd@gba.oz.au>, "Doug White" <dwhite@resnet.uoregon.edu> Cc: "Donald Burr" <dburr@Powered-By.AC>, "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG>, "FreeBSD Security" <freebsd-security@FreeBSD.ORG> Subject: Re: umountall requests - what does this all mean? Message-ID: <014501bee43e$ce854ba0$0300000a@oldserver.demon.nl> References: <Pine.BSF.4.10.9908091639070.1164-100000@resnet.uoregon.edu> <19990811171943.8382.qmail@alice.gba.oz.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Greg Black <gjb-freebsd@gba.oz.au> writes: > Doug White writes: > > > > Aug 7 19:04:49 60-Hz mountd[150]: umountall request from 207.71.226.193 from unprivileged port > > > > > > 207.71.226.193 is the IP addressed assigned to me by my ADSL provider, so > > > I can only assume that these packets are coming in through the ADSL modem. > > > > > > What do these messages mean, and should I be worried about them? And how > > > do I block them? > > > > What IP is 60-Hz? > > > > It's probably another machine trying to dismount partitions and mountd > > doesn't recognize it. Probably harmless. > > I got some similar messages on a 3.2 box a couple of days ago. > At the time it was connected only to my home LAN and no machines > outside of my office were physically connected to the LAN for > some hours before or after the messages appeared. I was doing > some NFS mounts to that box, but there was no genuine umount > request at the time the message appeared. In fact, now that I > check the log, the IP that the alleged request came from was the > IP of the host that complained -- there was no umount ever done > on the box that day. [...] I get the message in the following circumstances: I kill mountd on another NFS-server *through telnet*.(It happens to be running OpenBSD.) The FreeBSD box (4.0 snapshot 4 July), also configured as an NFS-server (because I use it for src/CVSUP for another FreeBSD, dual PPro, machine), gives the complaint mentioned in the subject, blaming itself for the request. Apparently it listens to this request telnetted to another NFS-host on some (unpriviliged) port and finds it worthwile to tell us. Is this a bug or a stupid user who misconfigured his LAN? Marc Schneiders marc@oldserver.demon.nl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?014501bee43e$ce854ba0$0300000a>